October 23, 2024

How to Effectively Communicate Cybersecurity Risks to the Board: Yabing Wang’s Playbook for Executives

In this episode of CyberOXTales Podcast, host Neatsun Ziv, CEO of OX Security, welcomes Yabing Wang, VP, Information Security & CISO of Justworks. They explore how to effectively communicate cybersecurity risks to the board, avoid common pitfalls in board presentations, and align cybersecurity with business priorities. Yabing shares her unique experience bridging technical and business leadership roles, offering practical advice for security professionals at the executive level.

About Our Guest:

Yabing Wang is the VP, Information Security & CISO of Justworks, a New York-based company specializing in payroll, benefits, and insurance services. With over 20 years of experience in cybersecurity and former roles at Netscape and HEB, Yabing has a rich background in both technical and executive leadership.

Connect with Yabing: LinkedIn

Key Takeaways:

  • Use plain language and relatable examples when communicating cybersecurity risks to non-technical board members.
  • Avoid focusing solely on metrics. Frame the data within the broader security context to show progress and highlight key risks.
  • While CISOs act as advisors on risk, business owners should ultimately own the risk decisions.
  • Yabing discusses the benefits of reporting to the general counsel rather than through traditional IT reporting lines, an arrangement that offers unique visibility to the board.
  • Yabing shares details about her new book, 97 Things Every Application Security Professional Should Know, a comprehensive guide for security professionals.